
Help with my malware

What a drama.

You can host your final payload anywhere: your own server or third-party services, especially legitimate ones, to host your final payload or the initial delivery (zip/iso), for example if you are not attaching it to the email.

The guys above said almost everything already. In my case I use a zipped, password-protected archive with DLL search order hijacking, besides the .lnk and office macros. For those who don't know this technique: basically you use a legitimate vulnerable .exe file to load a malicious DLL from the same directory, or sideload. Choose a .exe with an icon that helps with the social engineering in your campaign and that doesn't show any GUI on execution.

And about this taking too many steps to achieve execution: remember that it is all about social engineering, people are dumb.

Video POC:

It took long to show the decoy because my connection was slow. You can see that the file is signed by Microsoft and doesn't show any popups besides my custom decoy message box.
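A defender-side check for the sideloading pattern described in this post, added here as an example and not code from the thread. It walks image-load telemetry (assumed to be Sysmon Event ID 7 records reduced to dicts with the image, the loaded DLL and its signed flag; the sample events are constructed) and flags DLLs loaded from an executable's own directory that either carry a well-known system DLL name or are unsigned.

```python
"""Heuristic for DLL search-order hijacking / sideloading in image-load logs.
Assumption: events mirror Sysmon Event ID 7 fields (Image, ImageLoaded, Signed)
as plain dicts. Sample events below are constructed, not real telemetry."""
from pathlib import PureWindowsPath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs"}
# Illustrative names that legitimately live only in a system directory; a real
# deployment would use a fuller list of commonly proxied system DLL names.
KNOWN_SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "cryptbase.dll", "uxtheme.dll"}


def is_under(path, roots):
    """True if a Windows path lies below one of the given directory roots."""
    p = str(PureWindowsPath(path)).lower()
    return any(p.startswith(root + "\\") for root in roots)


def suspicious_loads(events):
    """Return events where a DLL is loaded from the process's own directory
    (the first place the default search order looks) and that DLL either
    shares its name with a system DLL or is not signed."""
    hits = []
    for ev in events:
        image_dir = str(PureWindowsPath(ev["image"]).parent).lower()
        dll = PureWindowsPath(ev["image_loaded"])
        if str(dll.parent).lower() != image_dir:
            continue  # loaded from elsewhere: not a same-directory sideload
        if is_under(ev["image"], SYSTEM_DIRS):
            continue  # system binary loading a sibling from a system folder
        if dll.name.lower() in KNOWN_SYSTEM_DLLS or ev["signed"] != "true":
            hits.append(ev)
    return hits


SAMPLE_EVENTS = [  # constructed sample telemetry
    {"image": r"C:\Windows\System32\notepad.exe",
     "image_loaded": r"C:\Windows\System32\version.dll", "signed": "true"},
    {"image": r"C:\Users\u\Downloads\Invoice\viewer.exe",
     "image_loaded": r"C:\Users\u\Downloads\Invoice\version.dll", "signed": "false"},
    {"image": r"C:\Program Files\App\app.exe",
     "image_loaded": r"C:\Program Files\App\helper.dll", "signed": "true"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print("possible sideload:", ev["image"], "->", ev["image_loaded"])
```

Signature status alone is not enough here: a validly signed system DLL copied next to a user-writable executable is still worth a look, which is why the name check runs regardless of the signed flag.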
Is this private stuff? Can you share some info about this in PM or here? )
 
Well, you can find techniques like this online; there is so much info for free. But this specific method I'm using is 'private', and I don't know of any TA using this exact .exe sideload in the wild.

Sorry, I will not share more details (unless paying, of course).
 
np, I can understand. You're using a legit exe signed by Windows, but the DLLs are FUD?
 
Yeah, in this case the signed .exe is loading a signed legitimate .dll that will load the final payload. Of course the final payload must be FUD, or already low-detection, OR you use a loader.

This helps bypass detection because the whole execution is done by a legitimate process. I like it.
 
A Checkzilla scan is not enough to know if it's really FUD or not because there is no internet connection; once you download the file it gets flagged as malware, which means the file is not FUD and is detected at scan time. You need a FUD crypt to bypass this.
 
Checkzilla - AVs WITHOUT Internet connection (the whole system is cut off from the Internet). Scans are inaccurate.
 
That's true. With Checkzilla you can scan at scan time and runtime if the encrypted stub has no stages to download, and it will be 95% right.
 

